Introduction

The cybersecurity threat landscape is rapidly evolving, and cybercriminals are becoming more sophisticated. Traditional techniques that rely on signature-based threat detection are no longer effective. In fact, signature-based antivirus systems were only capable of detecting and blocking half of malware in the last quarter of 2019.

Anomaly-based detection enables the detection of cyberthreats designed to evade traditional detection systems by looking for abnormal behavior within a network or on a computer system. However, this approach to threat detection requires analysts to have the ability to differentiate benign anomalies from true threats. The CompTIA Cybersecurity Analyst (CySA+) certification validates analysts’ ability to use these strategies to effectively protect an organization against cyberthreats.

What is the CySA+ certification?

The CySA+ certification is an intermediate-level certification designed for cybersecurity analysts. The focus of this certification is on the use of behavioral analytics and continuous monitoring to detect and respond to the cyberthreats that are frequently missed by traditional detection systems.

The CySA+ certification is on the cybersecurity pathway of the CompTIA certification path. The assumption is that a potential student already holds the certifications (or equivalent knowledge) for the Core Skills Certifications (IT Fundamentals, A+, Network+ and Security+). At this point, the student can branch into taking either the CySA+ certification or the PenTest+ certification, based on their area of specialization.

The CompTIA CySA+ certification exam contains a mix of multiple-choice questions and hands-on exercises. It meets the ISO 17024 standard and fulfills DoD Directive 8570.01-M requirements, as well as being FISMA-compliant.

What roles need the CySA+ certification?

The CySA+ certification is designed to cover the core skills required for intermediate-level security analysts. The focus is on behavior-based threat detection, but the certification also includes elements of software and application security, automation, threat hunting and IT regulatory compliance.

This wide range of topics means that the CySA+ certification does not only benefit employees acting as security analysts within an organization. A variety of other job roles commonly have overlapping skill sets and can benefit from this certification, including:

  • Threat intelligence analysts
  • Security engineers
  • Application security analysts
  • Incident responders or handlers
  • Compliance analysts
  • Threat hunters

What knowledge and skills does the CySA+ certification validate?

The CySA+ certification is designed to ensure that an organization’s security analysts possess the core competencies required to perform their job duties. This includes knowledge and hands-on experience in the following areas:

  • Threat and vulnerability management: CySA+ validates an employee’s ability to use threat intelligence to improve the organization’s security through informed threat detection and vulnerability management
  • Software and systems security: CySA+ teaches employees to identify and deploy the correct security solutions to manage organizational security risk and to configure software and hardware in accordance with best practice
  • Compliance and assessment: CySA+ covers the importance of compliance frameworks, policies, procedures and controls and teaches employees to apply security concepts to help with achieving, maintaining and demonstrating regulatory compliance and managing the organization’s cyber risk
  • Security operations and monitoring: CySA+ is focused on the use of continuous cybersecurity monitoring for threat detection and discusses how to use data to perform updates to security controls to improve the organization’s security posture
  • Incident response: CySA+ discusses incident response best practices, including the use of proper procedures, analysis of potential indicators of compromise (IoCs) and fundamental digital forensic analysis techniques

The CySA+ certification exam is designed to validate that the student has the knowledge and experience necessary to effectively:

  • Leverage intelligence and threat detection techniques
  • Analyze and interpret data
  • Identify and address vulnerabilities
  • Suggest preventative measures
  • Respond to and recover from incidents

How does the CySA+ certification benefit my business?

Cybersecurity tools are only effective if they are configured and monitored by personnel with the knowledge and experience to use them effectively. While it was previously possible to detect many cyberthreats via signature-based analysis, this is no longer the case. Today, trained human analysts are required to take the data and threat intelligence provided by security solutions and determine if anomalous behavior on an organization’s systems indicates a potential attack or is a false positive detection.

An effective security analyst requires a diverse set of skills as well as hands-on experience to accurately identify if a particular event poses a security risk to an organization. These skills and levels of experience are difficult or impossible to validate based upon a review of a resume or other hiring practices.

The CySA+ certification enables an employer to ensure that their security analysts have the knowledge and skills necessary to detect and respond to threats to the organization’s cybersecurity. The exam includes both multiple-choice questions and hands-on exercises, which ensures that a student has not just memorized the courseware but actually understands the content and has the ability to apply it within a realistic context.

How can I help my team prepare for CySA+ certification success?

The CompTIA CySA+ certification exam is an intense and in-depth evaluation of a security analyst’s skills. The inclusion of practical, hands-on exercises within the certification exam means that simply reading through a certification prep book is unlikely to set up an employee for success in passing the exam.

Sources

Only Half of Malware Caught by Signature AV, Dark Reading

Exam Details, CompTIA.org

The CompTIA Cybersecurity Career Pathway (2019 Refresh): Employable Skills Found Here, CompTIA.org